#!/usr/bin/env python

from ldap3 import Connection, Server, ANONYMOUS, SIMPLE, SYNC, ASYNC, core
from getpass import getpass
import configparser
import logging
import argparse
import os
import requests
import urllib3
import json
import mysql.connector

def request(resource, seafileURL, seafileToken, method='GET', data=None, dataIsJson=True):
    if data is None:
        httpHeaders = {'Accept': 'application/json; charset=utf-8; indent=4', 'Authorization': 'Token {0}'.format(seafileToken)}
        data = ''
    else:
        if dataIsJson:
            data = json.dumps(data)
            httpHeaders = {'Content-type': 'application/json', 'Accept': 'application/json; charset=utf-8; indent=4', 'Authorization': 'Token {0}'.format(seafileToken)}
        else:
            httpHeaders = {'Content-type': 'application/x-www-form-urlencoded', 'Accept': 'application/json; charset=utf-8; indent=4', 'Authorization': 'Token {0}'.format(seafileToken)}
    url = '{0}/api/v2.1/{1}'.format(seafileURL, resource)
    logger.debug('Request URL: {0}'.format(url))
    logger.debug('Request Method: {0}'.format(method))
    logger.debug('Request Headers: {0}'.format(httpHeaders))
    logger.debug('Request Data: {0}'.format(data))
    r = requests.request(
        method,
        url,
        data = data,
        headers = httpHeaders,
    )
    logger.debug('Response: {0}'.format(r))
    logger.debug('Request Status Code: {0}'.format(r.status_code))
    if r.ok:
        try:
            logger.debug('Request Returned JSON: {0}'.format(r.json()))
            return {'ok': r.ok, 'status_code': r.status_code, 'response': r.json()}
        except:
            logger.debug('Request Returned Text: {0}'.format(r.text))
            return {'ok': r.ok, 'status_code': r.status_code, 'response': r.text}
    raise ValueError(r)

#def 
parser = argparse.ArgumentParser(description='Sync LDAP with Seafile')
    #group = parser.add_mutually_exclusive_group()
    #group.add_argument('-e', '--encrypt', action='store_true', help='encrypt')
    #group.add_argument('-d', '--decrypt', action='store_true', help='decrypt')
    #parser.add_argument('-t', '--text', type=str, help='text to encrypt/decrypt')
    #group2 = parser.add_mutually_exclusive_group()
    #group2.add_argument('-t', '--text', type=str, help='text to encrypt/decrypt')
    #group2.add_argument('-f', '--file', type=str, help='file to encrypt/decrypt, will create a .pynacl file when encrypting, and requires .pynacl file to decrypt')
parser.add_argument('-v', '--verbose', action='store_true', help='increase log level to debug')
args = parser.parse_args()


logger = logging.getLogger(__name__)
logFormatter = logging.Formatter('%(asctime)s - [%(levelname)s] %(message)s', datefmt='%Y-%m-%d %H:%M:%S')
logger.setLevel(logging.INFO)
if args.verbose:
    logger.setLevel(logging.DEBUG)
else:
    logger.setLevel(logging.INFO)

#fileHandler = logging.FileHandler("/tmp/seafile-ldap.log")
#fileHandler.setFormatter(logFormatter)
#logger.addHandler(fileHandler)

consoleHandler = logging.StreamHandler()
consoleHandler.setFormatter(logFormatter)
logger.addHandler(consoleHandler)

# get directory of script
cwd = os.path.dirname(os.path.realpath(__file__))
configPath = os.path.join(cwd, 'config.ini')

# import the config file
logger.debug("Starting to read the config.ini file.")
logger.debug("Using file {0}.".format(configPath))
if os.path.exists(configPath):
    config = configparser.ConfigParser()
    config.read(configPath)
else:
    logger.critical("Unable to find/read config file. Please ensure the config.ini is in the same directory as this script and readable.")
    exit(1)
    
seafileToken = config['Seafile']['token']
ccnetPath = config['Seafile']['ccnetPath']
adminEmail = config['Seafile']['adminEmail']
logger.debug("Seafile Token: {0}".format(seafileToken))
logger.debug("Seafile ccnet.conf File Path: {0}".format(ccnetPath))
logger.debug("Seafile Admin Email: {0}".format(adminEmail))
logger.debug("Finished reading the config.ini file.")
logger.debug("Starting to read the ccnet.conf file.")
if os.path.exists(ccnetPath):
    ccnetConfig = configparser.ConfigParser()
    ccnetConfig.read(ccnetPath)
else:
    logger.critical("Unable to find/read ccnet.conf file. Please ensure the ccnet.conf path is correct in the config.ini.")
    exit(2)

# Seafile url
seafileURL = ccnetConfig['General']['SERVICE_URL']

# ldap Config
ldapHost = ccnetConfig['LDAP']['HOST']
#ldapPort = ccnetConfig['LDAP SERVER'].getint('port')
#ldapSSL = ccnetConfig['LDAP SERVER'].getboolean('ssl')
ldapBase = ccnetConfig['LDAP']['BASE']
ldapUserDN = ccnetConfig['LDAP']['USER_DN']
ldapUserPassword = ccnetConfig['LDAP']['PASSWORD']
ldapFilter = ccnetConfig['LDAP']['FILTER']
logger.debug("LDAP Host: {0}, LDAP Base: {1}, LDAP User DN: {2}, LDAP Filter: {3}".format(ldapHost, ldapBase, ldapUserDN, ldapFilter))

logger.debug("Finished reading the ccnet.conf file.")

# setup the server 
ldapServer = Server(ldapHost)
logger.debug("Setup LDAP server connection uri: {0}".format(ldapServer))
try:
    ldap = Connection(ldapServer, ldapUserDN, ldapUserPassword, auto_bind=True)
except core.exceptions.LDAPBindError as e:
    logger.critical("LDAP Bind Failed. {0}".format(e))
    exit()
logger.debug("Bind successful.")


# get seafile users and loop through and check group membership and disable or not
logger.debug("Starting query for users in Seafile")
seafileUsers = request('admin/users/', seafileURL, seafileToken)['response']['data']
# need to substract one from the len as the admin account is in the list
logger.debug("Found {0} Seafile users".format(len(seafileUsers)-1))
for seafileUser in seafileUsers:
    if seafileUser['email'] == adminEmail:
        continue
    else:
        logger.debug("User: {0} - Active: {1}".format(seafileUser['email'], bool(seafileUser['is_active'])))
        logger.debug("Checking if {0} user has an email, is active, and is in the seafile group")
        ldap.search(ldapBase, '(&(mail={0})(!(userAccountControl:1.2.840.113556.1.4.803:=2))({1}))'.format(seafileUser['email'], ldapFilter), attributes=['*'])
        count = len(ldap.entries)
        logger.debug("Found {0} LDAP user.".format(count))
        if count == 0:
            logger.debug("User {0} doesn't have an email, isn't active, or isn't in the seafile group, disabling in seafile...".format(seafileUser['email']))
            if not seafileUser['is_active']:
                logger.debug("User {0} is already disabled in Seafile".format(seafileUser['email']))
                continue
            disableUserinSeafile = request('admin/users/{0}/'.format(seafileUser['email']), seafileURL, seafileToken, "PUT", {"is_active": "false"})['response']
            if not disableUserinSeafile['is_active']:
                logger.info("User {0} was set to disabled in Seafile".format(seafileUser['email']))
            else:
                logger.error("There was an error setting user {0} to disabled in Seafile".format(seafileUser['email']))
        else:
            logger.debug("User {0} has an email, is active, and is in the seafile group".format(seafileUser['email']))
            if seafileUser['is_active']:
                logger.debug("User {0} is already active in Seafile".format(seafileUser['email']))
                continue
            ActiveUserinSeafile = request('admin/users/{0}/'.format(seafileUser['email']), seafileURL, seafileToken, "PUT", {"is_active": "true"})['response']
            if not ActiveUserinSeafile['is_active']:
                logger.info("User {0} was set to active in Seafile".format(seafileUser['email']))
            else:
                logger.error("There was an error setting user {0} to active in Seafile".format(seafileUser['email'])